General

  • Target

    a5d50b3c2dfe6dc4a3f9245146223590_JaffaCakes118

  • Size

    106KB

  • Sample

    240818-hwgv9asapa

  • MD5

    a5d50b3c2dfe6dc4a3f9245146223590

  • SHA1

    7fbce4b6e67682ed1d22d1876fb21eb6badc428d

  • SHA256

    fb82251f919b163a6c131286e00b3352f42574b82f919c1be9de0c0a716697a1

  • SHA512

    19d14ea4e8778df04c97ddf31a9c7ac87954dff798374db602298065cdea3a6c5e7d4915dc02b6766b6aa8a9f6b4fb5602f3670515b17b40c2c2696841fddb85

  • SSDEEP

    3072:jZsC/QPIJCiLIeW+tYUYUUYYSUYUYUYXR:lMi5L

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    saaksh0610

Targets

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks